Compliance in AWS

Sherlock has leveraged AWS’s platform to extend our HIPAA and NIST 800-53 certified services into the cloud enabling us and our business associates subject to HIPAA to securely process, store, and transmit PHI. Additionally, UC has secured a standardized Business Associate Agreement (BAA), enabling us to offer the secure and scalable components provided by AWS in alignment with HIPAA compliance requirements. Sherlock understands that public Cloud offerings such as AWS do not offer compliant services; customers are expected to buy compliant compute and storage services and build the necessary services on top to fully meet the compliance requirements. Sherlock Cloud addresses this critical gap by building the necessary services on top of the public Cloud resources, thereby offering customers end-to-end compliance.

Public Cloud Platform + Sherlock Services = Complete Solution

Sherlock Cloud offers its compliance expertise to offer solutions utilizing the AWS Cloud, and provides the related managed compliant services to its partners. Not only does this provide Sherlock Cloud partners with flexibility in choosing the platform that best addresses their needs (i.e., on premise at SDSC, in the AWS Cloud, or a combination of the two), but it eliminates the compliance guesswork for those customers that select to use the AWS Cloud. The AWS Cloud employs a shared responsibility model, which requires its customers to take responsibility for a number of compliance requirements to secure its data. Sherlock Cloud provides fully compliant and secure solutions in the AWS Cloud that comprehensively address the compliance requirements for its partners.